[Samba] nested groups not working with sudo and winbind

Gerald (Jerry) Carter jerry at samba.org
Thu Apr 24 13:02:02 GMT 2008


Glenn Bailey wrote:
|>> I'm having an issue with sudo not recognizing nested groups via AD and
|>> winbind. I have an AD group called UnixAdmins and when I add an AD
|>> account *directly* into this group, I am able to use sudo just fine as
|>> it is in the sudoers. *But* say I have a nested group in UnixAdmins
|>> like CustomerUsers or whatnot, it won't recognize it. Now, I also restrict
|>> access via pam.d systems-auth to UnixAdmins, so I know that part is
|>> working. Also, when I run an "id" it shows the proper groups. It
|>> just seems sudo won't recognize the nested groups :-(
|>>
|>> Anyone run into this issue before? It's gonna be an admin nightmare
|>> just to populate UnixAdmins with individual accounts ..
|
|> This was fixed in the upcoming 3.2 release.  See the "winbind expand
|> groups" option.
|
| Is there any way to patch 3.0.28a to allow for this? Or
| any kind of workaround?

Not officially.  Are you running a file server?  Or just using
Winbind to authenticate logons?  I originally did the work
in Likewise's Winbind tree and pushed it upstream.  So
it has been shipping in Likewise Open [1] for a while.


[1] http://www.likewisesoftware.com/community/


cheers, jerry
--
=====================================================================
Samba                                    ------- http://www.samba.org
Likewise Software          ---------  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"      --Balian